Problem using views

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sun Sep 22 23:44:00 UTC 2002


> 
> Hi everyone -
> 
> I am using bind 9.2.2rc1, configured with views.
> 
> so there is (shortened):
> 
> --%snip%--
> view internal {
>   match-clients { local; };
>   zone "domainA.tld" in { type master; file "internal/db.domainA.tld"; };
>   zone "domainB.tld" in { type master; file "external/db.domainB.tld"; 
> allow-update { key mykey; }; };
> }
> view external {
>  match-clients { any; };
>  zone "domainA.tld" in { type master; file "external/db.domainA.tld"; };
>  zone "domainB.tld" in { type master; file "external/db.domainB.tld"; 
> allow-update { key mykey; }; };
> }
> --%snap%--

	This is a bad configuration.  You can only share master files if
	the files are read-only as far as named is concerned.

	Mark
> 
> Now, when updating some domainB.tld RR from an external client via nsupdate, 
> everything seems working fine:
> 
> > update.log: client 111.222.111.222#1065: updating zone 'domainB.tld/IN': 
> adding an RR
> > bind.log: zone domainB.tld/IN: sending notifies (serial 2002092205)
> > xfer.log: client 112.221.112.221#57813: transfer of 'domainB.tld/IN': IXFR 
> started
> 
> But now when querying the nameserver using a local client, the SOA is still 
> the former one (2002092204), the added RR is not available. Using a remote 
> client (external view), the correct SOA is presented and a query returns 
> the right value. Very strange: my slave nameserver (running bind 9.2.2rc1) 
> started an IXFR (see above), but presents the incorrect SOA and RR, too, 
> when querying from an internal view. Queries matching the external view are 
> answered correctly.
> 
> So I thought that removing the duplicate entries might be a solution 
> (removing all external zones from the internal view), but that doesn't 
> work. When doing that, everyone may query my nameserver but me (local).
> 
> Removing the view concept itself is neither a solution, as I need an 
> internal view of one of these zones and a "." type hint zone.
> 
> Last but not least: I need to be able to update the zones from inside 
> (internal) and outside (external) via nsupdate. That works for now by 
> restarting the nameserver after changing a RR or something.
> 
> Any suggestions?
> 
> Sincerely,
> Marc
> 
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list